From f98382daa779990a0eab6571bd8a054c5d47fcc0 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 27 Jul 2023 08:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-07-27T08:00:25.511855+00:00 --- CVE-2023/CVE-2023-250xx/CVE-2023-25074.json | 4 +- CVE-2023/CVE-2023-39xx/CVE-2023-3956.json | 63 +++++++++++++++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3957.json | 63 +++++++++++++++++++++ README.md | 39 +++---------- 4 files changed, 136 insertions(+), 33 deletions(-) create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3956.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3957.json diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json index d1f6551c1eb..ef8a89b9b4a 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25074.json @@ -2,7 +2,7 @@ "id": "CVE-2023-25074", "sourceIdentifier": "disclosures@gallagher.com", "published": "2023-07-25T00:15:09.637", - "lastModified": "2023-07-25T13:01:04.750", + "lastModified": "2023-07-27T06:15:09.897", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -48,7 +48,7 @@ ], "references": [ { - "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25704", + "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074", "source": "disclosures@gallagher.com" } ] diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3956.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3956.json new file mode 100644 index 00000000000..bd5d5c4b626 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3956.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3956", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-07-27T07:15:09.857", + "lastModified": "2023-07-27T07:15:09.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/instawp-connect/tags/0.0.9.18/includes/class-instawp-rest-apis.php#L103", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2942363/instawp-connect#file5", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/48e7acf2-61d4-4762-8657-0701910ce69b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3957.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3957.json new file mode 100644 index 00000000000..177cee0d2db --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3957.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3957", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-07-27T07:15:10.253", + "lastModified": "2023-07-27T07:15:10.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/navz-photo-gallery/tags/1.9/includes/acf_photo_gallery_save.php#L42", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2943404/navz-photo-gallery#file0", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/689511e0-1355-4fcb-8a72-d819abc8e9a3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e7a7148923f..63f888b758a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-27T06:00:26.346583+00:00 +2023-07-27T08:00:25.511855+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-27T05:15:10.613000+00:00 +2023-07-27T07:15:10.253000+00:00 ``` ### Last Data Feed Release @@ -29,45 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221136 +221138 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -* [CVE-2023-32450](CVE-2023/CVE-2023-324xx/CVE-2023-32450.json) (`2023-07-27T05:15:10.363`) +* [CVE-2023-3956](CVE-2023/CVE-2023-39xx/CVE-2023-3956.json) (`2023-07-27T07:15:09.857`) +* [CVE-2023-3957](CVE-2023/CVE-2023-39xx/CVE-2023-3957.json) (`2023-07-27T07:15:10.253`) ### CVEs modified in the last Commit -Recently modified CVEs: `204` +Recently modified CVEs: `1` -* [CVE-2023-37450](CVE-2023/CVE-2023-374xx/CVE-2023-37450.json) (`2023-07-27T04:15:42.017`) -* [CVE-2023-38133](CVE-2023/CVE-2023-381xx/CVE-2023-38133.json) (`2023-07-27T04:15:42.297`) -* [CVE-2023-38136](CVE-2023/CVE-2023-381xx/CVE-2023-38136.json) (`2023-07-27T04:15:42.747`) -* [CVE-2023-38258](CVE-2023/CVE-2023-382xx/CVE-2023-38258.json) (`2023-07-27T04:15:43.523`) -* [CVE-2023-38259](CVE-2023/CVE-2023-382xx/CVE-2023-38259.json) (`2023-07-27T04:15:43.787`) -* [CVE-2023-38410](CVE-2023/CVE-2023-384xx/CVE-2023-38410.json) (`2023-07-27T04:15:44.003`) -* [CVE-2023-38421](CVE-2023/CVE-2023-384xx/CVE-2023-38421.json) (`2023-07-27T04:15:44.237`) -* [CVE-2023-38424](CVE-2023/CVE-2023-384xx/CVE-2023-38424.json) (`2023-07-27T04:15:44.553`) -* [CVE-2023-38425](CVE-2023/CVE-2023-384xx/CVE-2023-38425.json) (`2023-07-27T04:15:44.827`) -* [CVE-2023-38565](CVE-2023/CVE-2023-385xx/CVE-2023-38565.json) (`2023-07-27T04:15:45.210`) -* [CVE-2023-38572](CVE-2023/CVE-2023-385xx/CVE-2023-38572.json) (`2023-07-27T04:15:45.570`) -* [CVE-2023-38593](CVE-2023/CVE-2023-385xx/CVE-2023-38593.json) (`2023-07-27T04:15:45.950`) -* [CVE-2023-38594](CVE-2023/CVE-2023-385xx/CVE-2023-38594.json) (`2023-07-27T04:15:46.267`) -* [CVE-2023-38595](CVE-2023/CVE-2023-385xx/CVE-2023-38595.json) (`2023-07-27T04:15:46.603`) -* [CVE-2023-38597](CVE-2023/CVE-2023-385xx/CVE-2023-38597.json) (`2023-07-27T04:15:46.957`) -* [CVE-2023-38600](CVE-2023/CVE-2023-386xx/CVE-2023-38600.json) (`2023-07-27T04:15:47.267`) -* [CVE-2023-38602](CVE-2023/CVE-2023-386xx/CVE-2023-38602.json) (`2023-07-27T04:15:47.573`) -* [CVE-2023-38603](CVE-2023/CVE-2023-386xx/CVE-2023-38603.json) (`2023-07-27T04:15:47.900`) -* [CVE-2023-38606](CVE-2023/CVE-2023-386xx/CVE-2023-38606.json) (`2023-07-27T04:15:48.257`) -* [CVE-2023-38608](CVE-2023/CVE-2023-386xx/CVE-2023-38608.json) (`2023-07-27T04:15:48.577`) -* [CVE-2023-38611](CVE-2023/CVE-2023-386xx/CVE-2023-38611.json) (`2023-07-27T04:15:48.833`) -* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-07-27T05:15:10.213`) -* [CVE-2023-32001](CVE-2023/CVE-2023-320xx/CVE-2023-32001.json) (`2023-07-27T05:15:10.297`) -* [CVE-2023-33460](CVE-2023/CVE-2023-334xx/CVE-2023-33460.json) (`2023-07-27T05:15:10.483`) -* [CVE-2023-38197](CVE-2023/CVE-2023-381xx/CVE-2023-38197.json) (`2023-07-27T05:15:10.613`) +* [CVE-2023-25074](CVE-2023/CVE-2023-250xx/CVE-2023-25074.json) (`2023-07-27T06:15:09.897`) ## Download and Usage